Spamhaus listed an entire /16

randvegeta Member, Provider

We rent a few IPs from various companies. We have a few ranges from Host1Plus.

Several days ago, an entire /16 under H1P was blacklisted by Spamhaus.

https://www.spamhaus.org/sbl/query/SBL369111

Now I understand the desire to put pressure on a host to take action, but this is ridiculous. A /16 = 65,536 IP addresses.

From what I can see in the SBL report, there are some 30-40 cases on the whole /16. Most of the IPs I believe are leased by other companies using their own AS, and so are not under direct control of H1P.

Even if H1P wanted to take back an entire subnet, it is not always so easy as removing a route object from RADB or other DBs does not guarantee that the IPs will stop being routed.

This action by Spamhaus seems rather excessive.

Comments

  • Yeah, H1P's main business is leasing ranges so this is super excessive. An entire /16 because of 40 listings?

    Mental.

  • randvegeta said: This action by Spamhaus seems rather excessive.

    Agreed.

  • Classic Spamhaus bullshit.

  • cociu Member, Provider

    Bullshit! Every day Spamhaus is getting more ridiculous, really ...

    Thanked by 1joeri
  • Suggestion: why don't some providers here, preferably incl. some bigger ones, build - and then use - an alternative "spamhaus" but done the right way?

    Complaining about spamhaus won't change things. So much we know since years. From what I see there are 3 options:

    • continue as usual and wait till you are raped
    • "kill" them. Quite difficult as they have big corps and orgs behind them. A lawsuit, for instance, promises little
    • create a better alternative and promote that i.a. with your large customer base.

    My favourite prime number is 42. - preferred payment: vague promises of rich great-grand-children supported by a mod.

  • randvegeta Member, Provider

    @bsdguy said: Suggestion: why don't some providers here, preferably incl. some bigger ones, build - and then use - an alternative "spamhaus" but done the right way?

    Complaining about spamhaus won't change things. So much we know since years. From what I see there are 3 options:

    • continue as usual and wait till you are raped
    • "kill" them. Quite difficult as they have big corps and orgs behind them. A lawsuit, for instance, promises little
    • create a better alternative and promote that i.a. with your large customer base.

    I don't think Spamhaus' power or influence will diminish even if a better competing service could be built. Spamhaus needs to become completely ineffective or obsolete for them to lose what power they currently have.

  • WSS Member

    If people cease using them, and they're no longer ~~bribed~~ sponsored, they'll eventually go away.

    Saint Peter don't you call me 'cause I can't go / I owe my soul to the VirMach corps.

  • caracal Member
    edited September 10

    Quick, someone try to get 24.0.0.0/8 blocked, maybe they'd become irrelevant then

    --

    side note, is this the first time they blocked a /16?

    meow?

  • @randvegeta said: I don't think Spamhaus' power or influence will diminish even if a better competing service could be built. Spamhaus needs to become completely ineffective or obsolete for them to lose what power they currently have.

    It won't be easy and it won't be fast, so far I agree.

    However: If someone does it free and right, if someone creates the right blend, it will take off and spamhaus will become less powerful.

    Things start small. But they should start.

    As an experienced IT guy, let me offer 2 thoughts:

    • one needs a good input filter so as to avoid false listings (due to malevolence, pranks, etc)

    • one needs a good reputation mechanism linked to both IP ranges and companies.

    And obviously one needs a good interface and delisting procedure.

    It could be done, it won't be very expensive, and it will be relatively cheap to run. And hey, you hosters are at the source, you are at an excellent position.

  • AnthonySmith Member, Provider

    I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail en masse, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.

    dealing with hundreds of packets of peanuts every day will become annoying enough to force action.

    Inception Hosting Limited - NL, UK, Phoenix AZ USA, KVM and OpenVZ | NEW PURE NVME SSD OpenVZ UK

  • WSS Member

    Are you seriously suggesting a legume DDoS?

    Thanked by 1FoxelVox
  • AnthonySmith Member, Provider

    WSS said: Are you seriously suggesting a legume DDoS?

    yes, yes I am.

    Thanked by 2FoxelVox WSS
  • we-dont-give-a-fuck-haus

  • randvegeta Member, Provider
    edited September 10

    To be perfectly honest, I think the only way to really solve the mail problem is to make mail actually cost something. And that is not to say there would be some service provider getting rich off legitimate e-mail, but if you could imagine the following.

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10. The value is received by the recipient of the E-mail and so there is a financial reward for receiving an e-mail. On the other hand it would cost the same amount to send out email. In normal cases, where people send/receive roughly equal amounts of email, overall, it would effectively be free.

    By requiring this token, it would be prohibitively expensive to use as a means of sending spam. Initial 'deposit' would be small and ongoing, actual use would effectively be free.

    In the case where you start receiving payment for every mail, you may then actually WELCOME and WANT SPAM.

    Thanked by 1elwebmaster
  • @AnthonySmith said: I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail en masse, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.

    dealing with hundreds of packets of peanuts every day will become annoying enough to force action.

    Would we call it Distributed Denial of Peanuts

    Thanked by 1Aidan
  • @randvegeta said: To be perfectly honest, I think the only way to really solve the mail problem is to make mail actually cost something. And that is not to say there would be some service provider getting rich off legitimate e-mail, but if you could imagine the following.

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10. The value is received by the recipient of the E-mail and so there is a financial reward for receiving an e-mail. On the other hand it would cost the same amount to send out email. In normal cases, where people send/receive roughly equal amounts of email, overall, it would effectively be free.

    By requiring this token, it would be prohibitively expensive to use as a means of sending spam. Initial 'deposit' would be small and ongoing, actual use would effectively be free.

    In the case where you start receiving payment for every mail, you may then actually WELCOME and WANT SPAM.

    That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't mean you don't receive spam

  • randvegeta Member, Provider

    jetchirag said: That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't mean you don't receive spam

    But you don't receive the value either.

    If you start getting paid $0.10 for every e-mail, you may not care so much. If I disabled my spam filter, I would get hundreds of spams per day. That could be 10s of dollars :-)

    Thanked by 1jetchirag
  • farnox Member, Provider

    The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.

  • randvegeta Member, Provider

    farnox said: The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.

    Just because a listing is old does not mean the problem is current.

    We occasionally get IPs listed and normally we take action right away but the listing remains in place until we specifically request a delisting. And we don't request delisting until we need it (waste of time otherwise).

  • WSS Member

    @jetchirag said:

    @AnthonySmith said: I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail en masse, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.

    dealing with hundreds of packets of peanuts every day will become annoying enough to force action.

    Would we call it Distributed Denial of Peanuts

    I believe it'd be a Distributed Overabundance of Peanuts.

    Thanked by 1jetchirag
  • WebProject Member, Provider

    The reason for blocking: botnets, botnet controllers, hosting botnet spammers and illegal activity on their servers like carder forums. I do believe Spamhaus took the right step to block such activity!

    VPS Price Match Guarantee on: All our range of DDOS protected XEN-HVM VPS Plans
    Looking for storage VPS and managed service? Check our VPS4Storage website and get 40% OFF for lifetime.
    Thanked by 1bacloud
  • farnox Member, Provider

    @randvegeta You should. Spamhaus removes them in a couple of hours.

    Thanked by 1vimalware
  • @randvegeta said:

    jetchirag said: That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't mean you don't receive spam

    But you don't receive the value either.

    If you start getting paid $0.10 for every e-mail, you may not care so much. If I disabled my spam filter, I would get hundreds of spams per day. That could be 10s of dollars :-)

    Maybe it could work if we can add some senders to exempt list otherwise pricing of many services would go unpredictable. Is it even possible to do so? It would be 100x harder to get this into action than creating spamhaus's alternative

  • KuJoe Member, Provider
    edited September 10

    I have mixed feelings about Spamhaus, the internet is a shitty place in general and Spamhaus is the only real organization that has the power and ability to "police" the internet. Yes, blacklisting an entire /16 is a heavy move... but looking at the stuff that's hosted on that IP space some of it just can't be allowed to live on the internet. I understand some providers don't want to invest any time or money to keep their IP space clean (it's more profitable for them not to), but when you lease IP space this is one of your primary jobs.

    Hopefully Host1Plus can get things under control and clean up their IP space.
    Hopefully Spamhaus can figure out a better system to offer better transparency and to better punish the people who deserve it while limiting the impact to legitimate clients.
    Hopefully a competing service appears that rivals Spamhaus to reduce the power they have over companies (and to better punish hosts who don't care).

    But in the end, we're stuck with what we have so hosts need to be diligent. After all, it is our responsibility to help keep the internet clean.

    This is just my opinion. I personally go above and beyond to run a legal and ethical company so I know the kind of work required for it and I also know how rich I could be right now if I didn't care (no seriously, I've had outrageous offers to compromise my ethics and I completely understand that some people cannot afford to pass up those offers).

    -Joe @ SecureDragon - LEB's Powered by Wyvern in FL, CO, CA, IL, NJ, GA, OR, TX, and AZ
    Need free hosting? Get AFreeCloud
    Thanked by 1marrco
  • AnthonySmith Member, Provider

    KuJoe said: Hopefully Host1Plus can get things under control and clean up their IP space.

    Do host1plus own the entire /16 do you know?

  • jarland Administrator

    @randvegeta said:

    farnox said: The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.

    Just because a listing is old does not mean the problem is current.

    We occasionally get IPs listed and normally we take action right away but the listing remains in place until we specifically request a delisting. And we don't request delisting until we need it (waste of time otherwise).

    Sounds like it's not a waste of time if a range listing bothers you. Remember this is just SBL, if it doesn't bother your customers then it's fine. But if it does, then you should probably be talking to spamhaus.

  • Neoon Member
    edited September 10

    Well, if providers do not clear out the IP space, I would even blacklist a /8.

    As soon as you go deep enough, they will care.

  • KuJoe Member, Provider

    @AnthonySmith said:

    KuJoe said: Hopefully Host1Plus can get things under control and clean up their IP space.

    Do host1plus own the entire /16 do you know?

    The limited research I've done points to yes and for Spamhaus' sake I really hope so. If Spamhaus blacklisted IPs not belonging to Host1Plus because of Host1Plus' actions then there should be large scale riots.

  • MikeA Member, Provider

    @farnox said: @randvegeta You should. Spamhaus removes them in a couple of hours.

    I have to agree here. Spamhaus has contacted me (or I contacted them too) because some, very few IPs a long time ago clients used were listed for botnet controllers, I replied within a few hours confirming the problem and dealing with it, they replied and delisted the same day. Maybe spam or other reasons for blacklisting are handled differently, but they've always been respectful and quick for me so I've done the same for them.

    This is the same for every company I deal with, I suspect they ignored them or were a dick, in return they got ignored or dick responses.

    ExtraVM - DDoS Protected VPS - US, CA, FR, SNG

    Thanked by 2farnox vimalware
  • randvegeta Member, Provider

    @MikeA said:

    @farnox said: @randvegeta You should. Spamhaus removes them in a couple of hours.

    I have to agree here. Spamhaus has contacted me (or I contacted them too) because some, very few IPs a long time ago clients used were listed for botnet controllers, I replied within a few hours confirming the problem and dealing with it, they replied and delisted the same day. Maybe spam or other reasons for blacklisting are handled differently, but they've always been respectful and quick for me so I've done the same for them.

    This is the same for every company I deal with, I suspect they ignored them or were a dick, in return they got ignored or dick responses.

    If I receive a report I respond immediately, normally informing them that the account was suspended. But suspension isn't technically resolving the problem and I don't always follow up after termination or other notification. But in such cases it is normally a /32 at play and not of great concern. This /16 blacklisting is way over the top and I have no recourse.

  • Let's blacklist /0 and be done with it.

    -

    Thanked by 3Hxxx switsys Eased
  • jarland Administrator
    edited September 10

    Have you talked to them? What did they say? It's important not to be confrontational and simply explain your position and ask them how you can best help.

    First, though, resolve any reports that are within your ability to resolve.

    I've filled over 150 removal requests or requests for additional details in the last week and they have been nothing but friendly.

    Thanked by 2vimalware marrco
  • @rds100 I like your logic. Next level :)

  • Incoming partnership between spamhaus and DO? :)

    @jarland said: Have you talked to them? What did they say? It's important not to be confrontational and simply explain your position and ask them how you can best help.

    First, though, resolve any reports that are within your ability to resolve.

    I've filled over 150 removal requests or requests for additional details in the last week and they have been nothing but friendly.

  • randvegeta Member, Provider

    jetchirag said: It would be 100x harder to get this into action than creating spamhaus's alternative

    Not really. Actually the tech/service already exists. But it's hard to get off the ground. There is a catch 22 situation where no one will use the service because no one else is using the service.

    Their software had the ability to white-list and even had disposable addresses that could be used to bypass the whole token system if needed. But ultimately making it easier to not use a token provided zero incentive to join the system so it never went anywhere. If the spam problem gets big enough then perhaps there would be more interest. But services like SpamExperts are pretty good at filtering spam and since it's normally not the hosting client who pays, the economics are not as clear to the end users.

  • willie Member
    edited September 11

    randvegeta said:

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10.

    Your post advocates a
    
    (x) technical ( ) legislative (x) market-based ( ) vigilante
    
    approach to fighting spam. Your idea will not work.
    Here is why it won't work. (One or more of the following may apply
    to your particular idea, and it may have other flaws which used to
    vary from state to state before a bad federal law was passed.)
    
    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
    
    Specifically, your plan fails to account for
    
    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    (x) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
    
    and the following philosophical objections may also apply:
    
    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
    
    Furthermore, this is what I think about you:
    
    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
    
  • SplitIce Member, Provider

    It's all just a count down to "/0"

    X4B - DDoS Protection: EU & US affordable DDoS protection including Layer 7 mitigation.
    Latest Offer: $7 Anycast DDoS Protection
  • randvegeta Member, Provider
    edited September 11

    @willie said:

    randvegeta said:

    A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10.

    Your post advocates a
    
    (x) technical ( ) legislative (x) market-based ( ) vigilante
    
    approach to fighting spam. Your idea will not work.
    Here is why it won't work. (One or more of the following may apply
    to your particular idea, and it may have other flaws which used to
    vary from state to state before a bad federal law was passed.)
    
    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business
    
    Specifically, your plan fails to account for
    
    ( ) Laws expressly prohibiting it
    (x) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (x) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    (x) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook
    
    and the following philosophical objections may also apply:
    
    (x) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    (x) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough
    
    Furthermore, this is what I think about you:
    
    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!
    

    You clearly don't understand how it works. The only problem I see is the catch 22 where users signing up is hard given there are too few users on the system.

    The technology already exists and works with existing mail servers with zero configuration on the server required. It can even work with Gmail as it works with any kind of IMAP/POP3/SMTP server.

    There are no technical issues that prevent this.

    And no matter how profitable spam is, it won't be 10c per email profitable. And even if it is, the value of the token can simply be increased until it is no longer economical to do so.

    There are already means of whitelisting addresses or domains to get around the mailing list issue, and disposable addresses for other uses.

    None of the problems you've mentioned exist.

    I'm sorry your lack of understanding makes you feel others are stupid. I guess it's easier than educating yourself.

  • randvegeta said: I'm sorry your lack of understanding makes you feel others are stupid. I guess it's easier than educating yourself.

    Proposing a 10c cost per email is beyond absurd, don't be a dick to this guy.

    Thanked by 1Clouvider
  • randvegeta Member, Provider
    edited September 11

    Aidan said: Proposing a 10c cost per email is beyond absurd, don't be a dick to this guy.

    The whole point is that with a 10c 'cost' to send mail, it becomes uneconomical to send spam. The only way spam is made uneconomical is if there is some cost to sending out the emails in the first place.

    But unlike a postage stamp, the value (token) attached to each mail would be received by the recipient. And under normal e-mail use, e-mail is still effectively free as the token is passed back and forth.

    i.e. it cost you $0.10 to send, but you also receive $0.10 for every e-mail you receive. So if you send me an e-mail it cost you $0.10 but when you receive my reply, you get that $0.10 back.

    willie said: (x) This is a stupid idea, and you're a stupid person for suggesting it.

    If he can be a dick, why can't I?

  • Clouvider Member, Provider

    Heh. IPv6 cannot be adopted in more than a decade and you want to turn the whole Enterprise world upside down in how long? 100 years is probably not enough time.

    Clouvider Leading UK Cloud Hosting solution provider || UK Dedicated Servers Sale || Tasty KVM Slices || Latest LET Offer

    Web hosting in Cloud | SSD & SAS True Cloud VPS on OnApp | Private Cloud | Dedicated Servers | Colocation | Managed Services

    Thanked by 1vimalware
  • randvegeta Member, Provider
    edited September 11

    Clouvider said: Heh. IPv6 cannot be adopted in more than a decade and you want to turn the whole Enterprise world upside down in how long? 100 years is probably not enough time.

    Are you referring to my anti-spam solution?

    Don't get me wrong. Universal adoption is a big problem and it probably won't ever take off. But that doesn't mean it doesn't, or cannot work, nor does it make it a bad idea. The IPv6 analogy is great actually, as the merits of moving to IPv6 are clear. But we are all stuck on IPv4 and adoption of IPv6 is very much in a similar catch 22 situation where end users (broadband customers) don't want it because 99.99% of the web is IPv4 only, and website owners can't be bothered to make the switch because 100% of their client base are on IPv4.

    Eventually it will have to happen as IPv4 must eventually run out.

    So the only way I see the system I have suggested ever becoming mainstream is if SPAM is SOO BAD that people simply can no longer bear it. Or if it were part of a completely different communication system entirely (as in not technically E-Mail).

    But even if there were no whitelists and all mail had to include a $0.10 token, I would think that overall the economics would still make sense for legitimate mailing lists.

    If you think about how much physical paper we still receive in the mail, it costs way more than $0.10. Flyers, bank statements, take-away menus, etc. I believe we pretty much all still receive these things. So it's obviously not going to kill businesses or even incur prohibitive costs.

    But if you also consider the savings to companies not having to deal with spam, it could be huge. Maybe you only spend 5 - 10 mins /day clearing out your inbox, but you multiply that by the number of people in the work force multiplied by the average wage and the savings are enormous. Productivity increases could be huge.

  • iKeyZ Member
    edited September 11

    What about large websites with large non-spam email lists (say ~10,000 users) - they suddenly have this financial hit with no return, as who replies to email lists?

    Just because spammers may have to pay $0.10 per email is not to say they will not continue to do so, if they are still earning more than they are spending, it will continue.

    It will end up with spam continuing and people now having to pay to use email.

    Silo - Simple and light PHP server resource panel with email/SMS alerts, open source too!
    Cryptolert - Free SMS alerts for Crypto-currency

    Thanked by 1Aidan
  • randvegeta Member, Provider
    edited September 11

    @iKeyZ said: What about large websites with large non-spam email lists (say ~10,000 users) - they suddenly have this financial hit with no return, as who replies to email lists?

    Just because spammers may have to pay $0.10 per email is not to say they will not continue to do so, if they are still earning more than they are spending, it will continue.

    It will end up with spam continuing and people now having to pay to use email.

    Did you read the part where the recipient received the token? People will get PAID to receive email in this case. And I highlighted spam would not be economical at 10c. But even if it were, the value can simply be increased.

    And I already stated that you can get around the mailing list issue by using a whitelist. But even if you don't whitelist, some mailing lists would continue, as is proved by the fact that we all still receive paper mail at a higher cost.

    If you got paid to receive spam, would you be so against receiving it?

  • AnthonySmithAnthonySmith Member, Provider
    edited September 11

    @randvegeta I understand your method, I suspect it would be open to financial abuse.

    I think the real issue is that email is an open door system and spamhaus (and others) only act in transit.

    I appreciate what I am about to say makes NO sense for personal grade/level email, but for business, I agree with the idea of a paid whitelist, you want to be verified, pay £50 once p/year, anyone not paying that wants to send you an email will need to jump through a few hoops of verification per email to get it delivered, e.g. confirmation link + CAPTCHA.

    Such systems already exist, they just need to be joined up and adopted.

    Inception Hosting Limited - NL, UK, Phoenix AZ USA, KVM and OpenVZ | NEW PURE NVME SSD OpenVZ UK

  • Honestly heard some pretty stupid ideas over the years but holy shit this one trumps everything.

    I recommend hosting at anyNode and IonSwitch

    Thanked by 1Aidan
  • AnthonySmithAnthonySmith Member, Provider

    Rhys said: Honestly heard some pretty stupid ideas over the years but holy shit this one trumps everything.

    It's not that stupid, but it has 2 problems, it is open to financial abuse and assumes people are not dicks, which is kind of a self-defeating loop, as the solution is only suggested because people are dicks generally, to begin with.

    Inception Hosting Limited - NL, UK, Phoenix AZ USA, KVM and OpenVZ | NEW PURE NVME SSD OpenVZ UK

    Thanked by 2vimalware southy
  • randvegetarandvegeta Member, Provider

    AnthonySmith said: Such systems already exist, they just need to be joined up and adopted.

    The system I am referring to also already exists.

    E-Mail already works as is and there is no desire to 'complicate' things. Plenty of anti-spam solutions also exist which makes the problem LESS of a problem and so I concede that the solution I have suggested would find it difficult to actually get any traction.

    Just to be clear though, I am not coming up with some theoretical software. It already exists, and all the issues (except for the Catch 22) have already been addressed.

    There are white-lists, disposable addresses and a challenge-response system that all help with gradual adoption to make e-mail still usable even if no one else is using the token. And the tokens are reusable and have value so if you receive spam, you are effectively being paid for it! And you can use those tokens to send mail to others who are also using the same system.

    The problem is when you have a challenge response system, and can use white-lists, there is no incentive for others to use the software too. It's the equivalent, I think, of using NAT. NAT prolongs the life of IPv4 by reducing the number of public addresses required for people to get online. Get rid of NAT and you'll probably find IPv6 adoption is much faster.

    So until the problem becomes SOO BAD that regular E-mail is unusable because it's full of spam, such a system may find it extremely difficult to actually take off.

    It's not stupid.

  • randvegetarandvegeta Member, Provider
    edited September 11

    AnthonySmith said: it is open to financial abuse

    What kind of abuse?

    AnthonySmith said: and assumes people are not dicks

    Why does it assume that?

  • There are two basic problems, one of which rears its head in far more places than email, which is the fact that the email system is decades old and was conceived in times where trust could be reasonably assumed.

    Hence the email system has quite few (and rather feeble) safeguards against abuse.

    The other problem is the one beyond spamhaus and it's about as old as mankind: Give someone largely uncontrolled power and he will abuse it or at least be careless.

    spamhaus came into existence to respond to an urgent question that again came into existence because the email system had been conceived with benevolent, or at least not malevolent, users in mind. spamhaus was very useful in addressing that problem. The logic behind it is simple and powerful: spam by definition addresses very many and hence that very fact can be used, also practically, to recognize it and to make that information available so as to fight it.

    The next level, every wordpress or similar user knows that, came when spammers found a simple way to escape that trap by sending from frequently changing IPs. The natural response was to enhance the recognition mechanism by spotting providers/networks who seemed to be careless or even supportive of spammers. The problem, though, is that those providers do not tell their honest customers "listen, we are fraudsters" which leads to many innocent customers being caught in spam filters.

    The other factor that escalated the problem was spamhaus itself; it de facto escalated and became a bully by focussing too one-sidedly on the evil guys and by all but ignoring the good guys who just happened to be caught and hit by spamhaus, too.

    Finally there is the factor of leverage and propagation. If I as single blogger block whole networks the damage is quite limited. If, however, spamhaus does that the damage is enormous.

    Considering that often we ourselves are the product, that we, the users, have a high value, at least in big numbers, on the internet, I do see a chance to succeed and a promising attempt in creating a "better spamhaus". What we need is something like a spamhaus, which is useful, but one where we do not one-sidedly focus on the evil guys, gratuitously "killing" lots and lots of innocent people along the way but where we offer reasonable and acceptable ways to escape the blacklist net when not being evil or when a real problem has been solved.

    And we have another factor on our side: spamhaus just like email itself is aeons old. Today we have very much progressed technologies and means available. Some obstacles that would have seemed unsurmountable 20 years ago can be easily overcome today; we can, for instance, easily do much better evaluation logic and more complex mechanisms (e.g. if a spammer abuses the possibility to clear himself, he will be hit very much harder the next time or, another example, the fact that a certain provider frequently has spammers in his network but is known to quickly and effectively react can be considered in the mechanism). Just think of Kegel's 10k problem. Even a few years ago that was indeed a problem. Nowadays there are even scripting engines (e.g. node) that can deal with 10k req/s.

    Finally: I don't expect either law or economy to provide solutions. Laws can be easily circumvented on the internet (even "simple" locality attribution can be hard) and having to pay for some kind of token will almost certainly lead to merely shifting the problem.

    No, this is a problem rooted in technology and, to be honest, in bad technological decisions decades ago and we will need to solve it in that realm, too.

    My favourite prime number is 42. - preferred payment: vague promises of rich great-grand-children supported by a mod.

    Thanked by 1Ole_Juul
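
The evaluation logic sketched in the post above (a harsher relisting after an abused self-clear, leniency for a provider known to react quickly), as an added example that is not from the thread and not how Spamhaus works. The class, constants, thresholds and the per-IP scope are all assumptions chosen for illustration; addresses and provider names are constructed.

```python
import statistics

BASE_HOURS = 24        # assumed listing length for a first report
ESCALATION = 4         # assumed multiplier per self-delist already used
MAX_HOURS = 24 * 90    # assumed ceiling, so every listing eventually expires

class Blocklist:
    """Per-IP listings; a report never widens to the surrounding range."""

    def __init__(self):
        self.listed_until = {}   # ip -> model-clock hour the listing ends
        self.self_clears = {}    # ip -> self-service delists already used
        self.resolve_hours = {}  # provider -> hours taken to fix past reports

    def provider_factor(self, provider):
        """Halve listing time for providers whose median fix time is <= 24 h."""
        history = self.resolve_hours.get(provider)
        if not history:
            return 1.0
        return 0.5 if statistics.median(history) <= 24 else 1.0

    def report_spam(self, ip, provider, now):
        """List one IP and return the listing length in hours."""
        clears = self.self_clears.get(ip, 0)
        hours = BASE_HOURS * ESCALATION ** clears * self.provider_factor(provider)
        hours = min(hours, MAX_HOURS)
        self.listed_until[ip] = now + hours
        return hours

    def is_listed(self, ip, now):
        return now < self.listed_until.get(ip, 0)

    def self_delist(self, ip, now):
        """Clear a listing at once; the clear is remembered for next time."""
        if not self.is_listed(ip, now):
            return False
        self.listed_until[ip] = now
        self.self_clears[ip] = self.self_clears.get(ip, 0) + 1
        return True

def demo():
    """Constructed scenario: one repeat offender, one sender on a fast host."""
    bl = Blocklist()
    bl.resolve_hours["fast-host"] = [2, 6, 12]
    first = bl.report_spam("192.0.2.10", "slow-host", now=0)
    bl.self_delist("192.0.2.10", now=1)
    second = bl.report_spam("192.0.2.10", "slow-host", now=2)
    lenient = bl.report_spam("198.51.100.7", "fast-host", now=2)
    return first, second, lenient
```
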